@civic/auth 0.0.1-beta.19 → 0.0.1-beta.2

package/dist/chunk-NXBKSUKI.mjs

@@ -0,0 +1,481 @@
+import {
+  buildOauth2Client,
+  displayModeFromState,
+  generateState,
+  getOauthEndpoints,
+  isPopupBlocked,
+  validateOauth2Tokens,
+  withoutUndefined
+} from "./chunk-T7HUHQ3J.mjs";
+import {
+  __async,
+  __spreadProps,
+  __spreadValues
+} from "./chunk-RGHW4PYM.mjs";
+
+// src/lib/logger.ts
+import debug from "debug";
+var PACKAGE_NAME = "@civic/auth";
+var DebugLogger = class {
+  constructor(namespace) {
+    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);
+    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);
+    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);
+    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);
+    this.debugLogger.color = "4";
+    this.infoLogger.color = "2";
+    this.warnLogger.color = "3";
+    this.errorLogger.color = "1";
+  }
+  debug(message, ...args) {
+    this.debugLogger(message, ...args);
+  }
+  info(message, ...args) {
+    this.infoLogger(message, ...args);
+  }
+  warn(message, ...args) {
+    this.warnLogger(message, ...args);
+  }
+  error(message, ...args) {
+    this.errorLogger(message, ...args);
+  }
+};
+var createLogger = (namespace) => new DebugLogger(namespace);
+var loggers = {
+  // Next.js specific loggers
+  nextjs: {
+    routes: createLogger("api:routes"),
+    middleware: createLogger("api:middleware"),
+    handlers: {
+      auth: createLogger("api:handlers:auth")
+    }
+  },
+  // React specific loggers
+  react: {
+    components: createLogger("react:components"),
+    hooks: createLogger("react:hooks"),
+    context: createLogger("react:context")
+  },
+  // Shared utilities loggers
+  services: {
+    validation: createLogger("utils:validation"),
+    network: createLogger("utils:network")
+  }
+};
+
+// src/nextjs/config.ts
+var logger = loggers.nextjs.handlers.auth;
+var defaultAuthConfig = {
+  oauthServer: "https://auth-dev.civic.com/oauth",
+  callbackUrl: "/api/auth/callback",
+  challengeUrl: "/api/auth/challenge",
+  logoutUrl: "/api/auth/logout",
+  loginUrl: "/",
+  include: ["/*"],
+  exclude: [],
+  cookies: {
+    tokens: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    },
+    user: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    }
+  }
+};
+var resolveAuthConfig = (config = {}) => {
+  var _a, _b, _c, _d;
+  const configFromEnv = withoutUndefined({
+    clientId: process.env._civic_auth_client_id,
+    oauthServer: process.env._civic_oauth_server,
+    callbackUrl: process.env._civic_auth_callback_url,
+    challengeUrl: process.env._civic_auth_challenge_url,
+    loginUrl: process.env._civic_auth_login_url,
+    logoutUrl: process.env._civic_auth_logout_url,
+    include: (_a = process.env._civic_auth_includes) == null ? void 0 : _a.split(","),
+    exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
+    cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
+  });
+  const mergedConfig = __spreadProps(__spreadValues(__spreadValues(__spreadValues({}, defaultAuthConfig), configFromEnv), config), {
+    // Override with directly passed config
+    cookies: {
+      tokens: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.tokens), ((_c = config.cookies) == null ? void 0 : _c.tokens) || {}),
+      user: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.user), ((_d = config.cookies) == null ? void 0 : _d.user) || {})
+    }
+  });
+  logger.debug("Config from environment:", configFromEnv);
+  logger.debug("Resolved config:", mergedConfig);
+  if (mergedConfig.clientId === void 0) {
+    throw new Error("Civic Auth client ID is required");
+  }
+  return mergedConfig;
+};
+var createCivicAuthPlugin = (clientId, authConfig = {}) => {
+  return (nextConfig) => {
+    const resolvedConfig = resolveAuthConfig(__spreadProps(__spreadValues({}, authConfig), { clientId }));
+    return __spreadProps(__spreadValues({}, nextConfig), {
+      env: __spreadProps(__spreadValues({}, nextConfig == null ? void 0 : nextConfig.env), {
+        // Internal environment variables - do not set these manually
+        _civic_auth_client_id: clientId,
+        _civic_oauth_server: resolvedConfig.oauthServer,
+        _civic_auth_callback_url: resolvedConfig.callbackUrl,
+        _civic_auth_challenge_url: resolvedConfig.challengeUrl,
+        _civic_auth_login_url: resolvedConfig.loginUrl,
+        _civic_auth_logout_url: resolvedConfig.logoutUrl,
+        _civic_auth_includes: resolvedConfig.include.join(","),
+        _civic_auth_excludes: resolvedConfig.exclude.join(","),
+        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies)
+      })
+    });
+  };
+};
+
+// src/services/UserInfoService.ts
+import { parseJWT } from "oslo/jwt";
+var UserInfoServiceImpl = class {
+  constructor(endpoints) {
+    this.endpoints = endpoints;
+  }
+  extractUserFromIdToken(idToken) {
+    const parsedJWT = parseJWT(idToken);
+    if (!parsedJWT) {
+      return null;
+    }
+    return parsedJWT.payload;
+  }
+  getUserInfo(accessToken, idToken) {
+    return __async(this, null, function* () {
+      if (idToken) {
+        return this.extractUserFromIdToken(idToken);
+      }
+      const userInfo = yield fetch(this.endpoints.userinfo, {
+        headers: { Authorization: `Bearer ${accessToken}` }
+      });
+      return userInfo.json();
+    });
+  }
+};
+
+// src/services/SessionService.ts
+import { generateCodeVerifier } from "oslo/oauth2";
+var AuthSessionServiceImpl = class {
+  constructor(clientId, redirectUrl, oauthServer, inputEndpoints) {
+    this.clientId = clientId;
+    this.redirectUrl = redirectUrl;
+    this.oauthServer = oauthServer;
+    this.inputEndpoints = inputEndpoints;
+    this.codeVerifier = void 0;
+    this.refreshTokenTimeout = null;
+    this.codeVerifier = this.getCodeVerifier();
+    this.endpoints = inputEndpoints;
+  }
+  getCodeVerifier() {
+    return generateCodeVerifier();
+  }
+  getUserInfoService() {
+    return __async(this, null, function* () {
+      if (this.userInfoService) {
+        return this.userInfoService;
+      }
+      const endpoints = yield this.getEndpoints();
+      this.userInfoService = new UserInfoServiceImpl(endpoints);
+      return this.userInfoService;
+    });
+  }
+  getEndpoints() {
+    return __async(this, null, function* () {
+      var _a;
+      if ((_a = this.endpoints) == null ? void 0 : _a.auth) {
+        return this.endpoints;
+      }
+      const jwksEndpoints = yield getOauthEndpoints(this.oauthServer);
+      return this.endpoints ? __spreadValues(__spreadValues({}, this.endpoints), jwksEndpoints) : jwksEndpoints;
+    });
+  }
+  getOauth2Client() {
+    return __async(this, null, function* () {
+      if (this.oauth2Client) {
+        return this.oauth2Client;
+      }
+      const endpoints = yield this.getEndpoints();
+      this.oauth2Client = buildOauth2Client(
+        this.clientId,
+        this.redirectUrl,
+        endpoints
+      );
+      return this.oauth2Client;
+    });
+  }
+  getSessionData() {
+    console.log("getSessionData", this.clientId);
+    const storedItem = localStorage.getItem(`civic-auth:${this.clientId}`) || "{}";
+    console.log("stored item", storedItem);
+    return JSON.parse(storedItem);
+  }
+  updateSessionData(data) {
+    localStorage.setItem(
+      `civic-auth:${this.clientId}`,
+      JSON.stringify(__spreadValues({}, data))
+    );
+  }
+  getUser() {
+    return JSON.parse(
+      localStorage.getItem(`civic-auth:${this.clientId}:user`) || "{}"
+    );
+  }
+  setUser(data) {
+    localStorage.setItem(
+      `civic-auth:${this.clientId}:user`,
+      JSON.stringify(data === null ? {} : data)
+    );
+  }
+  clearSessionData() {
+    localStorage.setItem(`civic-auth:${this.clientId}`, JSON.stringify({}));
+  }
+  getAuthorizationUrlWithChallenge(state, scopes) {
+    return __async(this, null, function* () {
+      var _a;
+      const oauth2Client = yield this.getOauth2Client();
+      if ((_a = this.endpoints) == null ? void 0 : _a.challenge) {
+        const challenge = yield fetch(this.endpoints.challenge).then(
+          (res) => res.json().then((data) => data.challenge)
+        );
+        const oAuthUrl = yield oauth2Client.createAuthorizationURL({
+          state,
+          scopes
+        });
+        oAuthUrl.searchParams.append("code_challenge", challenge);
+        oAuthUrl.searchParams.append("code_challenge_method", "S256");
+        return oAuthUrl;
+      }
+      return oauth2Client.createAuthorizationURL({
+        state,
+        codeVerifier: this.codeVerifier,
+        codeChallengeMethod: "S256",
+        scopes
+      });
+    });
+  }
+  getAuthorizationUrl(scopes, displayMode, nonce) {
+    return __async(this, null, function* () {
+      const state = generateState(displayMode);
+      const existingSessionData = this.getSessionData();
+      this.updateSessionData(__spreadProps(__spreadValues({}, existingSessionData), {
+        codeVerifier: this.codeVerifier,
+        displayMode
+      }));
+      const oAuthUrl = yield this.getAuthorizationUrlWithChallenge(state, scopes);
+      if (nonce) {
+        oAuthUrl.searchParams.append("nonce", nonce);
+      }
+      oAuthUrl.searchParams.append("prompt", "consent");
+      return oAuthUrl.toString();
+    });
+  }
+  // TODO fix the Window reference
+  loadAuthorizationUrl(authorizationURL, displayMode) {
+    switch (displayMode) {
+      case "iframe":
+        break;
+      case "redirect":
+        window.location.href = authorizationURL;
+        break;
+      case "new_tab":
+        window.open(authorizationURL, "_blank");
+        break;
+      case "custom_tab":
+        break;
+    }
+  }
+  init() {
+    return __async(this, null, function* () {
+      yield this.getOauth2Client();
+      return this;
+    });
+  }
+  logout() {
+    return __async(this, null, function* () {
+      this.updateSessionData({ authenticated: false });
+    });
+  }
+  determineDisplayMode(displayMode) {
+    if (isPopupBlocked() && displayMode === "iframe") {
+      displayMode = "redirect";
+    }
+    return displayMode;
+  }
+  signIn(displayMode, scopes, nonce) {
+    return __async(this, null, function* () {
+      const authorizationURL = yield this.getAuthorizationUrl(
+        scopes,
+        displayMode,
+        nonce
+      );
+      this.loadAuthorizationUrl(authorizationURL, displayMode);
+    });
+  }
+  tokenExchange(responseUrl) {
+    return __async(this, null, function* () {
+      let session = this.getSessionData();
+      if (!session.authenticated) {
+        const url = new URL(responseUrl);
+        const authorizationCode = url.searchParams.get("code");
+        const returnedState = url.searchParams.get("state");
+        if (!authorizationCode || !returnedState) {
+          throw new Error("Invalid authorization response");
+        }
+        const codeVerifier = session.codeVerifier;
+        const oauth2Client = yield this.getOauth2Client();
+        const tokens = yield oauth2Client.validateAuthorizationCode(
+          authorizationCode,
+          {
+            codeVerifier
+          }
+        );
+        try {
+          yield this.validateTokens(tokens);
+        } catch (error) {
+          console.error("tokenExchange tokens", { error, tokens });
+          throw new Error(
+            `OIDC tokens validation failed: ${error.message}`
+          );
+        }
+        const parsedDisplayMode = displayModeFromState(
+          returnedState,
+          session.displayMode
+        );
+        session = __spreadProps(__spreadValues({}, session), {
+          displayMode: parsedDisplayMode,
+          idToken: tokens.id_token,
+          authenticated: true,
+          state: returnedState,
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token,
+          timestamp: Date.now(),
+          expiresIn: tokens.expires_in
+        });
+        this.updateSessionData(session);
+        const user = yield (yield this.getUserInfoService()).getUserInfo(tokens.access_token, tokens.id_token || null);
+        this.setUser(user);
+      }
+      this.setupTokenRefresh(session);
+      if (session.displayMode === "new_tab") {
+        window.close();
+      } else if (session.displayMode === "redirect") {
+      }
+      return session;
+    });
+  }
+  setupTokenRefresh(session) {
+    if (this.refreshTokenTimeout) {
+      clearTimeout(this.refreshTokenTimeout);
+    }
+    if (session.expiresIn) {
+      const elapsedTime = Date.now() - (session.timestamp || 0);
+      const remainingTime = session.expiresIn * 1e3 - elapsedTime;
+      const refreshTime = Math.max(0, remainingTime - 6e4);
+      this.refreshTokenTimeout = setTimeout(() => {
+        this.refreshToken().then((newSession) => {
+          console.log("Token refreshed successfully", newSession);
+        }).catch((error) => {
+          console.error("Failed to refresh token:", error);
+          this.updateSessionData({});
+        });
+      }, refreshTime);
+    }
+  }
+  refreshToken() {
+    return __async(this, null, function* () {
+      const sessionData = this.getSessionData();
+      if (!sessionData.refreshToken) {
+        throw new Error("No refresh token available");
+      }
+      const oauth2Client = yield this.getOauth2Client();
+      const tokens = yield oauth2Client.refreshAccessToken(
+        sessionData.refreshToken
+      );
+      const session = __spreadProps(__spreadValues({}, sessionData), {
+        idToken: tokens.id_token,
+        authenticated: true,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        timestamp: Date.now(),
+        expiresIn: tokens.expires_in
+      });
+      this.updateSessionData(session);
+      this.setupTokenRefresh(session);
+      return session;
+    });
+  }
+  getUserInfo() {
+    return __async(this, null, function* () {
+      const sessionData = this.getSessionData();
+      if (!sessionData.accessToken) {
+        throw new Error("No access token available");
+      }
+      const userInfoService = yield this.getUserInfoService();
+      return userInfoService.getUserInfo(
+        sessionData.accessToken,
+        sessionData.idToken || null
+      );
+    });
+  }
+  /**
+   * Uses the jose library to validate a JWT token using the OAuth JWKS endpoint
+   * @returns {Promise<jose.JWTPayload>}
+   * @throws {Error} if the token is invalid
+   * @param tokens
+   */
+  validateTokens(tokens) {
+    return __async(this, null, function* () {
+      const endpoints = yield this.getEndpoints();
+      if (!this.oauth2Client) yield this.init();
+      return validateOauth2Tokens(
+        tokens,
+        endpoints,
+        this.oauth2Client,
+        this.oauthServer
+      );
+    });
+  }
+  validateExistingSession() {
+    return __async(this, null, function* () {
+      const sessionData = this.getSessionData();
+      try {
+        if (!sessionData.idToken || !sessionData.accessToken) {
+          const unAuthenticatedSession = __spreadProps(__spreadValues({}, sessionData), { authenticated: false });
+          this.updateSessionData(unAuthenticatedSession);
+          return unAuthenticatedSession;
+        }
+        yield this.validateTokens({
+          id_token: sessionData.idToken,
+          access_token: sessionData.accessToken,
+          refresh_token: sessionData.refreshToken
+        });
+        sessionData.authenticated = true;
+        return sessionData;
+      } catch (error) {
+        console.warn("Failed to validate existing tokens", error);
+        const unAuthenticatedSession = {
+          authenticated: false
+        };
+        this.updateSessionData(unAuthenticatedSession);
+        return unAuthenticatedSession;
+      }
+    });
+  }
+};
+
+export {
+  AuthSessionServiceImpl,
+  loggers,
+  defaultAuthConfig,
+  resolveAuthConfig,
+  createCivicAuthPlugin
+};
+//# sourceMappingURL=chunk-NXBKSUKI.mjs.map

package/dist/chunk-NXBKSUKI.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/lib/logger.ts","../src/nextjs/config.ts","../src/services/UserInfoService.ts","../src/services/SessionService.ts"],"sourcesContent":["import debug from \"debug\";\n\nconst PACKAGE_NAME = \"@civic/auth\";\n\nexport interface Logger {\n  debug(message: string, ...args: unknown[]): void;\n  info(message: string, ...args: unknown[]): void;\n  warn(message: string, ...args: unknown[]): void;\n  error(message: string, ...args: unknown[]): void;\n}\n\nclass DebugLogger implements Logger {\n  private debugLogger: debug.Debugger;\n  private infoLogger: debug.Debugger;\n  private warnLogger: debug.Debugger;\n  private errorLogger: debug.Debugger;\n\n  constructor(namespace: string) {\n    // Format: @org/package:library:component:level\n    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);\n    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);\n    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);\n    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);\n\n    this.debugLogger.color = \"4\";\n    this.infoLogger.color = \"2\";\n    this.warnLogger.color = \"3\";\n    this.errorLogger.color = \"1\";\n  }\n\n  debug(message: string, ...args: unknown[]): void {\n    this.debugLogger(message, ...args);\n  }\n\n  info(message: string, ...args: unknown[]): void {\n    this.infoLogger(message, ...args);\n  }\n\n  warn(message: string, ...args: unknown[]): void {\n    this.warnLogger(message, ...args);\n  }\n\n  error(message: string, ...args: unknown[]): void {\n    this.errorLogger(message, ...args);\n  }\n}\n\nexport const createLogger = (namespace: string): Logger =>\n  new DebugLogger(namespace);\n\n// Pre-configured loggers for different parts of your package\nexport const loggers = {\n  // Next.js specific loggers\n  nextjs: {\n    routes: createLogger(\"api:routes\"),\n    middleware: createLogger(\"api:middleware\"),\n    handlers: {\n      auth: createLogger(\"api:handlers:auth\"),\n    },\n  },\n  // React specific loggers\n  react: {\n    components: createLogger(\"react:components\"),\n    hooks: createLogger(\"react:hooks\"),\n    context: createLogger(\"react:context\"),\n  },\n  // Shared utilities loggers\n  services: {\n    validation: createLogger(\"utils:validation\"),\n    network: createLogger(\"utils:network\"),\n  },\n} as const;\n","/* eslint-disable turbo/no-undeclared-env-vars */\nimport { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger\";\nimport { withoutUndefined } from \"@/utils.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport interface CookieConfig {\n  secure?: boolean;\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n  domain?: string;\n  path?: string;\n  maxAge?: number;\n}\n\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string;\n  loginUrl: string;\n  logoutUrl: string;\n  challengeUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: {\n    tokens: CookieConfig;\n    user: CookieConfig;\n  };\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: \"https://auth-dev.civic.com/oauth\",\n  callbackUrl: \"/api/auth/callback\",\n  challengeUrl: \"/api/auth/challenge\",\n  logoutUrl: \"/api/auth/logout\",\n  loginUrl: \"/\",\n  include: [\"/*\"],\n  exclude: [],\n  cookies: {\n    tokens: {\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n    user: {\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n  },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: AuthConfig = {},\n): AuthConfigWithDefaults & { clientId: string } => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n  });\n\n  const mergedConfig = {\n    ...defaultAuthConfig,\n    ...configFromEnv, // Apply plugin-set config\n    ...config, // Override with directly passed config\n    cookies: {\n      tokens: {\n        ...defaultAuthConfig.cookies.tokens,\n        ...(config.cookies?.tokens || {}),\n      },\n      user: {\n        ...defaultAuthConfig.cookies.user,\n        ...(config.cookies?.user || {}),\n      },\n    },\n  };\n\n  logger.debug(\"Config from environment:\", configFromEnv);\n  logger.debug(\"Resolved config:\", mergedConfig);\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n  clientId: string,\n  authConfig: AuthConfig = {},\n) => {\n  return (nextConfig?: NextConfig) => {\n    const resolvedConfig = resolveAuthConfig({ ...authConfig, clientId });\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n      },\n    };\n  };\n};\n","import { UserInfoService, Endpoints } from \"@/types\";\nimport { parseJWT } from \"oslo/jwt\";\n\nexport class UserInfoServiceImpl implements UserInfoService {\n  constructor(private endpoints: Endpoints) {}\n\n  extractUserFromIdToken<T>(idToken: string): T | null {\n    const parsedJWT = parseJWT(idToken);\n    if (!parsedJWT) {\n      return null;\n    }\n    return parsedJWT.payload as T;\n  }\n\n  async getUserInfo<T>(\n    accessToken: string,\n    idToken: string | null,\n  ): Promise<T | null> {\n    if (idToken) {\n      return this.extractUserFromIdToken<T>(idToken);\n    }\n\n    const userInfo = await fetch(this.endpoints.userinfo, {\n      headers: { Authorization: `Bearer ${accessToken}` },\n    });\n    return userInfo.json() as T;\n  }\n}\n","import {\n  AuthSessionService,\n  DisplayMode,\n  Endpoints,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n  SessionData,\n  UnknownObject,\n  User,\n  UserInfoService,\n} from \"../types\";\nimport { UserInfoServiceImpl } from \"./UserInfoService\";\nimport { generateCodeVerifier, OAuth2Client } from \"oslo/oauth2\";\nimport {\n  displayModeFromState,\n  generateState,\n  getOauthEndpoints,\n} from \"@/lib/oauth\";\nimport { isPopupBlocked } from \"@/utils\";\nimport { buildOauth2Client, validateOauth2Tokens } from \"@/shared/util.js\";\n\nexport type StorageInterface = {\n  get(): SessionData;\n  getUser(): User<UnknownObject> | null;\n  set(data: Partial<SessionData>): void;\n  setUser(data: User<UnknownObject> | null): void;\n  clear(): void;\n};\n\nexport class AuthSessionServiceImpl implements AuthSessionService {\n  private endpoints: Endpoints | undefined;\n  private oauth2Client: OAuth2Client | undefined;\n  private userInfoService: UserInfoService | undefined;\n  private codeVerifier: string | undefined = undefined;\n  private refreshTokenTimeout: NodeJS.Timeout | null = null;\n\n  constructor(\n    readonly clientId: string,\n    readonly redirectUrl: string,\n    readonly oauthServer: string,\n    readonly inputEndpoints?: Partial<Endpoints> | undefined,\n  ) {\n    this.codeVerifier = this.getCodeVerifier();\n    this.endpoints = inputEndpoints as Endpoints;\n  }\n\n  protected getCodeVerifier(): string {\n    return generateCodeVerifier();\n  }\n\n  public async getUserInfoService(): Promise<UserInfoService> {\n    if (this.userInfoService) {\n      return this.userInfoService;\n    }\n    const endpoints = await this.getEndpoints();\n\n    this.userInfoService = new UserInfoServiceImpl(endpoints);\n    return this.userInfoService;\n  }\n\n  protected async getEndpoints(): Promise<Endpoints> {\n    if (this.endpoints?.auth) {\n      return this.endpoints;\n    }\n    const jwksEndpoints = await getOauthEndpoints(this.oauthServer);\n    return this.endpoints\n      ? { ...this.endpoints, ...jwksEndpoints }\n      : jwksEndpoints;\n  }\n\n  protected async getOauth2Client() {\n    if (this.oauth2Client) {\n      return this.oauth2Client;\n    }\n    const endpoints = await this.getEndpoints();\n    this.oauth2Client = buildOauth2Client(\n      this.clientId,\n      this.redirectUrl,\n      endpoints,\n    );\n    return this.oauth2Client;\n  }\n\n  getSessionData(): SessionData {\n    console.log(\"getSessionData\", this.clientId);\n    const storedItem =\n      localStorage.getItem(`civic-auth:${this.clientId}`) || \"{}\";\n    console.log(\"stored item\", storedItem);\n    return JSON.parse(storedItem) as SessionData;\n  }\n\n  updateSessionData(data: Partial<SessionData>): void {\n    localStorage.setItem(\n      `civic-auth:${this.clientId}`,\n      JSON.stringify({ ...data }),\n    );\n  }\n\n  getUser(): User<UnknownObject> | null {\n    return JSON.parse(\n      localStorage.getItem(`civic-auth:${this.clientId}:user`) || \"{}\",\n    ) as User<UnknownObject>;\n  }\n\n  setUser(data: User<UnknownObject> | null): void {\n    localStorage.setItem(\n      `civic-auth:${this.clientId}:user`,\n      JSON.stringify(data === null ? {} : data),\n    );\n  }\n\n  clearSessionData(): void {\n    localStorage.setItem(`civic-auth:${this.clientId}`, JSON.stringify({}));\n  }\n\n  async getAuthorizationUrlWithChallenge(\n    state: string,\n    scopes: string[],\n  ): Promise<URL> {\n    const oauth2Client = await this.getOauth2Client();\n    if (this.endpoints?.challenge) {\n      const challenge = await fetch(this.endpoints.challenge).then((res) =>\n        res.json().then((data) => data.challenge),\n      );\n      const oAuthUrl = await oauth2Client.createAuthorizationURL({\n        state,\n        scopes,\n      });\n      oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n      oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n      return oAuthUrl;\n    }\n    return oauth2Client.createAuthorizationURL({\n      state,\n      codeVerifier: this.codeVerifier,\n      codeChallengeMethod: \"S256\",\n      scopes,\n    });\n  }\n\n  async getAuthorizationUrl(\n    scopes: string[],\n    displayMode: DisplayMode,\n    nonce?: string,\n  ): Promise<string> {\n    const state = generateState(displayMode);\n    const existingSessionData = this.getSessionData();\n    // TODO DK NOTES: Getter should not update state. This would be confusing to others. Should probably be part of signIn()\n    this.updateSessionData({\n      ...existingSessionData,\n      codeVerifier: this.codeVerifier,\n      displayMode,\n    });\n    const oAuthUrl = await this.getAuthorizationUrlWithChallenge(state, scopes);\n    if (nonce) {\n      // nonce isn't supported by oslo, so we add it manually\n      oAuthUrl.searchParams.append(\"nonce\", nonce);\n    }\n    oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n    return oAuthUrl.toString();\n  }\n\n  // TODO fix the Window reference\n  loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode) {\n    switch (displayMode) {\n      case \"iframe\":\n        // Implement iframe logic\n        break;\n      case \"redirect\":\n        window.location.href = authorizationURL;\n        break;\n      case \"new_tab\":\n        window.open(authorizationURL, \"_blank\");\n        break;\n      case \"custom_tab\":\n        // Implement custom tab logic (might require native app integration)\n        break;\n    }\n  }\n\n  async init(): Promise<this> {\n    await this.getOauth2Client();\n    return this;\n  }\n\n  async logout(): Promise<void> {\n    this.updateSessionData({ authenticated: false });\n  }\n\n  determineDisplayMode(displayMode: DisplayMode): DisplayMode {\n    // If popups are blocked and we're in iframe mode, we need to override the display mode to redirect\n    if (isPopupBlocked() && displayMode === \"iframe\") {\n      displayMode = \"redirect\";\n    }\n    // TODO: Add additional checks to determine the display mode for new_mode if new tabs are blocked.\n    return displayMode;\n  }\n\n  async signIn(\n    displayMode: DisplayMode,\n    scopes: string[],\n    nonce: string,\n  ): Promise<void> {\n    const authorizationURL = await this.getAuthorizationUrl(\n      scopes,\n      displayMode,\n      nonce,\n    );\n\n    this.loadAuthorizationUrl(authorizationURL, displayMode);\n  }\n\n  async tokenExchange(responseUrl: string): Promise<SessionData> {\n    let session = this.getSessionData();\n\n    if (!session.authenticated) {\n      const url = new URL(responseUrl);\n      const authorizationCode = url.searchParams.get(\"code\");\n      const returnedState = url.searchParams.get(\"state\");\n      if (!authorizationCode || !returnedState) {\n        throw new Error(\"Invalid authorization response\");\n      }\n      const codeVerifier = session.codeVerifier;\n      const oauth2Client = await this.getOauth2Client();\n      const tokens =\n        await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(\n          authorizationCode,\n          {\n            codeVerifier,\n          },\n        );\n\n      // Validate relevant tokens\n      try {\n        await this.validateTokens(tokens);\n      } catch (error) {\n        console.error(\"tokenExchange tokens\", { error, tokens });\n        throw new Error(\n          `OIDC tokens validation failed: ${(error as Error).message}`,\n        );\n      }\n      const parsedDisplayMode = displayModeFromState(\n        returnedState,\n        session.displayMode,\n      );\n      // Update session with authentication result\n      session = {\n        ...session,\n        displayMode: parsedDisplayMode,\n        idToken: tokens.id_token,\n        authenticated: true,\n        state: returnedState,\n        accessToken: tokens.access_token,\n        refreshToken: tokens.refresh_token,\n        timestamp: Date.now(),\n        expiresIn: tokens.expires_in,\n      };\n      this.updateSessionData(session);\n      const user = await (\n        await this.getUserInfoService()\n      ).getUserInfo(tokens.access_token, tokens.id_token || null);\n      this.setUser(user);\n    }\n\n    // Set up automatic token refresh\n    this.setupTokenRefresh(session);\n\n    if (session.displayMode === \"new_tab\") {\n      // Close the popup window\n      window.close();\n    } else if (session.displayMode === \"redirect\") {\n      // TODO: Determine if there is anything additional to do here\n    }\n    return session;\n  }\n\n  private setupTokenRefresh(session: SessionData): void {\n    if (this.refreshTokenTimeout) {\n      clearTimeout(this.refreshTokenTimeout);\n    }\n\n    if (session.expiresIn) {\n      // Calculate remaining time by subtracting elapsed time from total expiration time\n      const elapsedTime = Date.now() - (session.timestamp || 0);\n      const remainingTime = session.expiresIn * 1000 - elapsedTime;\n      // Refresh the token 1 minute before it expires\n      const refreshTime = Math.max(0, remainingTime - 60000);\n\n      this.refreshTokenTimeout = setTimeout(() => {\n        this.refreshToken()\n          .then((newSession) => {\n            console.log(\"Token refreshed successfully\", newSession);\n          })\n          .catch((error) => {\n            console.error(\"Failed to refresh token:\", error);\n            // Handle the error (e.g., log out the user or retry)\n            // TODO this should be replaced by the real logout once it is available\n            this.updateSessionData({});\n          });\n      }, refreshTime);\n    }\n  }\n\n  async refreshToken(): Promise<SessionData> {\n    const sessionData = this.getSessionData();\n    if (!sessionData.refreshToken) {\n      throw new Error(\"No refresh token available\");\n    }\n    const oauth2Client = await this.getOauth2Client();\n    const tokens = await oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n      sessionData.refreshToken,\n    );\n\n    // Update session data\n    const session = {\n      ...sessionData,\n      idToken: tokens.id_token,\n      authenticated: true,\n      accessToken: tokens.access_token,\n      refreshToken: tokens.refresh_token,\n      timestamp: Date.now(),\n      expiresIn: tokens.expires_in,\n    };\n    this.updateSessionData(session);\n\n    // Schedule next automatic refresh\n    this.setupTokenRefresh(session);\n\n    return session;\n  }\n\n  async getUserInfo<T extends UnknownObject>(): Promise<User<T> | null> {\n    const sessionData = this.getSessionData();\n    if (!sessionData.accessToken) {\n      throw new Error(\"No access token available\");\n    }\n    const userInfoService = await this.getUserInfoService();\n    return userInfoService.getUserInfo<T>(\n      sessionData.accessToken,\n      sessionData.idToken || null,\n    );\n  }\n\n  /**\n   * Uses the jose library to validate a JWT token using the OAuth JWKS endpoint\n   * @returns {Promise<jose.JWTPayload>}\n   * @throws {Error} if the token is invalid\n   * @param tokens\n   */\n  async validateTokens(tokens: OIDCTokenResponseBody): Promise<ParsedTokens> {\n    const endpoints = await this.getEndpoints();\n\n    if (!this.oauth2Client) await this.init();\n\n    return validateOauth2Tokens(\n      tokens,\n      endpoints,\n      this.oauth2Client!,\n      this.oauthServer,\n    );\n  }\n\n  async validateExistingSession(): Promise<SessionData> {\n    const sessionData = this.getSessionData();\n    try {\n      if (!sessionData.idToken || !sessionData.accessToken) {\n        const unAuthenticatedSession = { ...sessionData, authenticated: false };\n        this.updateSessionData(unAuthenticatedSession);\n        return unAuthenticatedSession;\n      }\n      await this.validateTokens({\n        id_token: sessionData.idToken as string,\n        access_token: sessionData.accessToken as string,\n        refresh_token: sessionData.refreshToken as string,\n      });\n      sessionData.authenticated = true;\n      return sessionData;\n    } catch (error) {\n      console.warn(\"Failed to validate existing tokens\", error);\n      const unAuthenticatedSession = {\n        authenticated: false,\n      };\n      this.updateSessionData(unAuthenticatedSession);\n      return unAuthenticatedSession;\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAAA,OAAO,WAAW;AAElB,IAAM,eAAe;AASrB,IAAM,cAAN,MAAoC;AAAA,EAMlC,YAAY,WAAmB;AAE7B,SAAK,cAAc,MAAM,GAAG,YAAY,IAAI,SAAS,QAAQ;AAC7D,SAAK,aAAa,MAAM,GAAG,YAAY,IAAI,SAAS,OAAO;AAC3D,SAAK,aAAa,MAAM,GAAG,YAAY,IAAI,SAAS,OAAO;AAC3D,SAAK,cAAc,MAAM,GAAG,YAAY,IAAI,SAAS,QAAQ;AAE7D,SAAK,YAAY,QAAQ;AACzB,SAAK,WAAW,QAAQ;AACxB,SAAK,WAAW,QAAQ;AACxB,SAAK,YAAY,QAAQ;AAAA,EAC3B;AAAA,EAEA,MAAM,YAAoB,MAAuB;AAC/C,SAAK,YAAY,SAAS,GAAG,IAAI;AAAA,EACnC;AAAA,EAEA,KAAK,YAAoB,MAAuB;AAC9C,SAAK,WAAW,SAAS,GAAG,IAAI;AAAA,EAClC;AAAA,EAEA,KAAK,YAAoB,MAAuB;AAC9C,SAAK,WAAW,SAAS,GAAG,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAoB,MAAuB;AAC/C,SAAK,YAAY,SAAS,GAAG,IAAI;AAAA,EACnC;AACF;AAEO,IAAM,eAAe,CAAC,cAC3B,IAAI,YAAY,SAAS;AAGpB,IAAM,UAAU;AAAA;AAAA,EAErB,QAAQ;AAAA,IACN,QAAQ,aAAa,YAAY;AAAA,IACjC,YAAY,aAAa,gBAAgB;AAAA,IACzC,UAAU;AAAA,MACR,MAAM,aAAa,mBAAmB;AAAA,IACxC;AAAA,EACF;AAAA;AAAA,EAEA,OAAO;AAAA,IACL,YAAY,aAAa,kBAAkB;AAAA,IAC3C,OAAO,aAAa,aAAa;AAAA,IACjC,SAAS,aAAa,eAAe;AAAA,EACvC;AAAA;AAAA,EAEA,UAAU;AAAA,IACR,YAAY,aAAa,kBAAkB;AAAA,IAC3C,SAAS,aAAa,eAAe;AAAA,EACvC;AACF;;;AClEA,IAAM,SAAS,QAAQ,OAAO,SAAS;AAgChC,IAAM,oBAA8D;AAAA,EACzE,aAAa;AAAA,EACb,aAAa;AAAA,EACb,cAAc;AAAA,EACd,WAAW;AAAA,EACX,UAAU;AAAA,EACV,SAAS,CAAC,IAAI;AAAA,EACd,SAAS,CAAC;AAAA,EACV,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,KAAK;AAAA;AAAA,IACf;AAAA,IACA,MAAM;AAAA,MACJ,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,KAAK;AAAA;AAAA,IACf;AAAA,EACF;AACF;AAmBO,IAAM,oBAAoB,CAC/B,SAAqB,CAAC,MAC4B;AA9EpD;AAgFE,QAAM,gBAAgB,iBAAiB;AAAA,IACrC,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,WAAW,QAAQ,IAAI;AAAA,IACvB,UAAS,aAAQ,IAAI,yBAAZ,mBAAkC,MAAM;AAAA,IACjD,UAAS,aAAQ,IAAI,yBAAZ,mBAAkC,MAAM;AAAA,IACjD,SAAS,QAAQ,IAAI,4BACjB,KAAK,MAAM,QAAQ,IAAI,yBAAyB,IAChD;AAAA,EACN,CAAC;AAED,QAAM,eAAe,+DAChB,oBACA,gBACA,SAHgB;AAAA;AAAA,IAInB,SAAS;AAAA,MACP,QAAQ,kCACH,kBAAkB,QAAQ,WACzB,YAAO,YAAP,mBAAgB,WAAU,CAAC;AAAA,MAEjC,MAAM,kCACD,kBAAkB,QAAQ,SACzB,YAAO,YAAP,mBAAgB,SAAQ,CAAC;AAAA,IAEjC;AAAA,EACF;AAEA,SAAO,MAAM,4BAA4B,aAAa;AACtD,SAAO,MAAM,oBAAoB,YAAY;AAC7C,MAAI,aAAa,aAAa,QAAW;AACvC,UAAM,IAAI,MAAM,kCAAkC;AAAA,EACpD;AACA,SAAO;AACT;AAyBO,IAAM,wBAAwB,CACnC,UACA,aAAyB,CAAC,MACvB;AACH,SAAO,CAAC,eAA4B;AAClC,UAAM,iBAAiB,kBAAkB,iCAAK,aAAL,EAAiB,SAAS,EAAC;AACpE,WAAO,iCACF,aADE;AAAA,MAEL,KAAK,iCACA,yCAAY,MADZ;AAAA;AAAA,QAGH,uBAAuB;AAAA,QACvB,qBAAqB,eAAe;AAAA,QACpC,0BAA0B,eAAe;AAAA,QACzC,2BAA2B,eAAe;AAAA,QAC1C,uBAAuB,eAAe;AAAA,QACtC,wBAAwB,eAAe;AAAA,QACvC,sBAAsB,eAAe,QAAQ,KAAK,GAAG;AAAA,QACrD,sBAAsB,eAAe,QAAQ,KAAK,GAAG;AAAA,QACrD,2BAA2B,KAAK,UAAU,eAAe,OAAO;AAAA,MAClE;AAAA,IACF;AAAA,EACF;AACF;;;ACnKA,SAAS,gBAAgB;AAElB,IAAM,sBAAN,MAAqD;AAAA,EAC1D,YAAoB,WAAsB;AAAtB;AAAA,EAAuB;AAAA,EAE3C,uBAA0B,SAA2B;AACnD,UAAM,YAAY,SAAS,OAAO;AAClC,QAAI,CAAC,WAAW;AACd,aAAO;AAAA,IACT;AACA,WAAO,UAAU;AAAA,EACnB;AAAA,EAEM,YACJ,aACA,SACmB;AAAA;AACnB,UAAI,SAAS;AACX,eAAO,KAAK,uBAA0B,OAAO;AAAA,MAC/C;AAEA,YAAM,WAAW,MAAM,MAAM,KAAK,UAAU,UAAU;AAAA,QACpD,SAAS,EAAE,eAAe,UAAU,WAAW,GAAG;AAAA,MACpD,CAAC;AACD,aAAO,SAAS,KAAK;AAAA,IACvB;AAAA;AACF;;;ACfA,SAAS,4BAA0C;AAiB5C,IAAM,yBAAN,MAA2D;AAAA,EAOhE,YACW,UACA,aACA,aACA,gBACT;AAJS;AACA;AACA;AACA;AAPX,SAAQ,eAAmC;AAC3C,SAAQ,sBAA6C;AAQnD,SAAK,eAAe,KAAK,gBAAgB;AACzC,SAAK,YAAY;AAAA,EACnB;AAAA,EAEU,kBAA0B;AAClC,WAAO,qBAAqB;AAAA,EAC9B;AAAA,EAEa,qBAA+C;AAAA;AAC1D,UAAI,KAAK,iBAAiB;AACxB,eAAO,KAAK;AAAA,MACd;AACA,YAAM,YAAY,MAAM,KAAK,aAAa;AAE1C,WAAK,kBAAkB,IAAI,oBAAoB,SAAS;AACxD,aAAO,KAAK;AAAA,IACd;AAAA;AAAA,EAEgB,eAAmC;AAAA;AA5DrD;AA6DI,WAAI,UAAK,cAAL,mBAAgB,MAAM;AACxB,eAAO,KAAK;AAAA,MACd;AACA,YAAM,gBAAgB,MAAM,kBAAkB,KAAK,WAAW;AAC9D,aAAO,KAAK,YACR,kCAAK,KAAK,YAAc,iBACxB;AAAA,IACN;AAAA;AAAA,EAEgB,kBAAkB;AAAA;AAChC,UAAI,KAAK,cAAc;AACrB,eAAO,KAAK;AAAA,MACd;AACA,YAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,WAAK,eAAe;AAAA,QAClB,KAAK;AAAA,QACL,KAAK;AAAA,QACL;AAAA,MACF;AACA,aAAO,KAAK;AAAA,IACd;AAAA;AAAA,EAEA,iBAA8B;AAC5B,YAAQ,IAAI,kBAAkB,KAAK,QAAQ;AAC3C,UAAM,aACJ,aAAa,QAAQ,cAAc,KAAK,QAAQ,EAAE,KAAK;AACzD,YAAQ,IAAI,eAAe,UAAU;AACrC,WAAO,KAAK,MAAM,UAAU;AAAA,EAC9B;AAAA,EAEA,kBAAkB,MAAkC;AAClD,iBAAa;AAAA,MACX,cAAc,KAAK,QAAQ;AAAA,MAC3B,KAAK,UAAU,mBAAK,KAAM;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,UAAsC;AACpC,WAAO,KAAK;AAAA,MACV,aAAa,QAAQ,cAAc,KAAK,QAAQ,OAAO,KAAK;AAAA,IAC9D;AAAA,EACF;AAAA,EAEA,QAAQ,MAAwC;AAC9C,iBAAa;AAAA,MACX,cAAc,KAAK,QAAQ;AAAA,MAC3B,KAAK,UAAU,SAAS,OAAO,CAAC,IAAI,IAAI;AAAA,IAC1C;AAAA,EACF;AAAA,EAEA,mBAAyB;AACvB,iBAAa,QAAQ,cAAc,KAAK,QAAQ,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC;AAAA,EACxE;AAAA,EAEM,iCACJ,OACA,QACc;AAAA;AAtHlB;AAuHI,YAAM,eAAe,MAAM,KAAK,gBAAgB;AAChD,WAAI,UAAK,cAAL,mBAAgB,WAAW;AAC7B,cAAM,YAAY,MAAM,MAAM,KAAK,UAAU,SAAS,EAAE;AAAA,UAAK,CAAC,QAC5D,IAAI,KAAK,EAAE,KAAK,CAAC,SAAS,KAAK,SAAS;AAAA,QAC1C;AACA,cAAM,WAAW,MAAM,aAAa,uBAAuB;AAAA,UACzD;AAAA,UACA;AAAA,QACF,CAAC;AACD,iBAAS,aAAa,OAAO,kBAAkB,SAAS;AACxD,iBAAS,aAAa,OAAO,yBAAyB,MAAM;AAC5D,eAAO;AAAA,MACT;AACA,aAAO,aAAa,uBAAuB;AAAA,QACzC;AAAA,QACA,cAAc,KAAK;AAAA,QACnB,qBAAqB;AAAA,QACrB;AAAA,MACF,CAAC;AAAA,IACH;AAAA;AAAA,EAEM,oBACJ,QACA,aACA,OACiB;AAAA;AACjB,YAAM,QAAQ,cAAc,WAAW;AACvC,YAAM,sBAAsB,KAAK,eAAe;AAEhD,WAAK,kBAAkB,iCAClB,sBADkB;AAAA,QAErB,cAAc,KAAK;AAAA,QACnB;AAAA,MACF,EAAC;AACD,YAAM,WAAW,MAAM,KAAK,iCAAiC,OAAO,MAAM;AAC1E,UAAI,OAAO;AAET,iBAAS,aAAa,OAAO,SAAS,KAAK;AAAA,MAC7C;AACA,eAAS,aAAa,OAAO,UAAU,SAAS;AAChD,aAAO,SAAS,SAAS;AAAA,IAC3B;AAAA;AAAA;AAAA,EAGA,qBAAqB,kBAA0B,aAA0B;AACvE,YAAQ,aAAa;AAAA,MACnB,KAAK;AAEH;AAAA,MACF,KAAK;AACH,eAAO,SAAS,OAAO;AACvB;AAAA,MACF,KAAK;AACH,eAAO,KAAK,kBAAkB,QAAQ;AACtC;AAAA,MACF,KAAK;AAEH;AAAA,IACJ;AAAA,EACF;AAAA,EAEM,OAAsB;AAAA;AAC1B,YAAM,KAAK,gBAAgB;AAC3B,aAAO;AAAA,IACT;AAAA;AAAA,EAEM,SAAwB;AAAA;AAC5B,WAAK,kBAAkB,EAAE,eAAe,MAAM,CAAC;AAAA,IACjD;AAAA;AAAA,EAEA,qBAAqB,aAAuC;AAE1D,QAAI,eAAe,KAAK,gBAAgB,UAAU;AAChD,oBAAc;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AAAA,EAEM,OACJ,aACA,QACA,OACe;AAAA;AACf,YAAM,mBAAmB,MAAM,KAAK;AAAA,QAClC;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,WAAK,qBAAqB,kBAAkB,WAAW;AAAA,IACzD;AAAA;AAAA,EAEM,cAAc,aAA2C;AAAA;AAC7D,UAAI,UAAU,KAAK,eAAe;AAElC,UAAI,CAAC,QAAQ,eAAe;AAC1B,cAAM,MAAM,IAAI,IAAI,WAAW;AAC/B,cAAM,oBAAoB,IAAI,aAAa,IAAI,MAAM;AACrD,cAAM,gBAAgB,IAAI,aAAa,IAAI,OAAO;AAClD,YAAI,CAAC,qBAAqB,CAAC,eAAe;AACxC,gBAAM,IAAI,MAAM,gCAAgC;AAAA,QAClD;AACA,cAAM,eAAe,QAAQ;AAC7B,cAAM,eAAe,MAAM,KAAK,gBAAgB;AAChD,cAAM,SACJ,MAAM,aAAa;AAAA,UACjB;AAAA,UACA;AAAA,YACE;AAAA,UACF;AAAA,QACF;AAGF,YAAI;AACF,gBAAM,KAAK,eAAe,MAAM;AAAA,QAClC,SAAS,OAAO;AACd,kBAAQ,MAAM,wBAAwB,EAAE,OAAO,OAAO,CAAC;AACvD,gBAAM,IAAI;AAAA,YACR,kCAAmC,MAAgB,OAAO;AAAA,UAC5D;AAAA,QACF;AACA,cAAM,oBAAoB;AAAA,UACxB;AAAA,UACA,QAAQ;AAAA,QACV;AAEA,kBAAU,iCACL,UADK;AAAA,UAER,aAAa;AAAA,UACb,SAAS,OAAO;AAAA,UAChB,eAAe;AAAA,UACf,OAAO;AAAA,UACP,aAAa,OAAO;AAAA,UACpB,cAAc,OAAO;AAAA,UACrB,WAAW,KAAK,IAAI;AAAA,UACpB,WAAW,OAAO;AAAA,QACpB;AACA,aAAK,kBAAkB,OAAO;AAC9B,cAAM,OAAO,OACX,MAAM,KAAK,mBAAmB,GAC9B,YAAY,OAAO,cAAc,OAAO,YAAY,IAAI;AAC1D,aAAK,QAAQ,IAAI;AAAA,MACnB;AAGA,WAAK,kBAAkB,OAAO;AAE9B,UAAI,QAAQ,gBAAgB,WAAW;AAErC,eAAO,MAAM;AAAA,MACf,WAAW,QAAQ,gBAAgB,YAAY;AAAA,MAE/C;AACA,aAAO;AAAA,IACT;AAAA;AAAA,EAEQ,kBAAkB,SAA4B;AACpD,QAAI,KAAK,qBAAqB;AAC5B,mBAAa,KAAK,mBAAmB;AAAA,IACvC;AAEA,QAAI,QAAQ,WAAW;AAErB,YAAM,cAAc,KAAK,IAAI,KAAK,QAAQ,aAAa;AACvD,YAAM,gBAAgB,QAAQ,YAAY,MAAO;AAEjD,YAAM,cAAc,KAAK,IAAI,GAAG,gBAAgB,GAAK;AAErD,WAAK,sBAAsB,WAAW,MAAM;AAC1C,aAAK,aAAa,EACf,KAAK,CAAC,eAAe;AACpB,kBAAQ,IAAI,gCAAgC,UAAU;AAAA,QACxD,CAAC,EACA,MAAM,CAAC,UAAU;AAChB,kBAAQ,MAAM,4BAA4B,KAAK;AAG/C,eAAK,kBAAkB,CAAC,CAAC;AAAA,QAC3B,CAAC;AAAA,MACL,GAAG,WAAW;AAAA,IAChB;AAAA,EACF;AAAA,EAEM,eAAqC;AAAA;AACzC,YAAM,cAAc,KAAK,eAAe;AACxC,UAAI,CAAC,YAAY,cAAc;AAC7B,cAAM,IAAI,MAAM,4BAA4B;AAAA,MAC9C;AACA,YAAM,eAAe,MAAM,KAAK,gBAAgB;AAChD,YAAM,SAAS,MAAM,aAAa;AAAA,QAChC,YAAY;AAAA,MACd;AAGA,YAAM,UAAU,iCACX,cADW;AAAA,QAEd,SAAS,OAAO;AAAA,QAChB,eAAe;AAAA,QACf,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,WAAW,KAAK,IAAI;AAAA,QACpB,WAAW,OAAO;AAAA,MACpB;AACA,WAAK,kBAAkB,OAAO;AAG9B,WAAK,kBAAkB,OAAO;AAE9B,aAAO;AAAA,IACT;AAAA;AAAA,EAEM,cAAgE;AAAA;AACpE,YAAM,cAAc,KAAK,eAAe;AACxC,UAAI,CAAC,YAAY,aAAa;AAC5B,cAAM,IAAI,MAAM,2BAA2B;AAAA,MAC7C;AACA,YAAM,kBAAkB,MAAM,KAAK,mBAAmB;AACtD,aAAO,gBAAgB;AAAA,QACrB,YAAY;AAAA,QACZ,YAAY,WAAW;AAAA,MACzB;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQM,eAAe,QAAsD;AAAA;AACzE,YAAM,YAAY,MAAM,KAAK,aAAa;AAE1C,UAAI,CAAC,KAAK,aAAc,OAAM,KAAK,KAAK;AAExC,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,KAAK;AAAA,QACL,KAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA,EAEM,0BAAgD;AAAA;AACpD,YAAM,cAAc,KAAK,eAAe;AACxC,UAAI;AACF,YAAI,CAAC,YAAY,WAAW,CAAC,YAAY,aAAa;AACpD,gBAAM,yBAAyB,iCAAK,cAAL,EAAkB,eAAe,MAAM;AACtE,eAAK,kBAAkB,sBAAsB;AAC7C,iBAAO;AAAA,QACT;AACA,cAAM,KAAK,eAAe;AAAA,UACxB,UAAU,YAAY;AAAA,UACtB,cAAc,YAAY;AAAA,UAC1B,eAAe,YAAY;AAAA,QAC7B,CAAC;AACD,oBAAY,gBAAgB;AAC5B,eAAO;AAAA,MACT,SAAS,OAAO;AACd,gBAAQ,KAAK,sCAAsC,KAAK;AACxD,cAAM,yBAAyB;AAAA,UAC7B,eAAe;AAAA,QACjB;AACA,aAAK,kBAAkB,sBAAsB;AAC7C,eAAO;AAAA,MACT;AAAA,IACF;AAAA;AACF;","names":[]}